Data protection policy of Aalto Beer Pong ry
The purpose of this document is to relay the essential information on the data protection policy of Aalto Beer Pong ry (ABP) to the people in charge of updating or handling the person registers that the association has.
Aalto Beer Pong ry currently has the following registers:
- Member register
- Event signup register
This document and the privacy statement for the registers listed above are updated if needed and yearly, no later than the 31st of January, as the board and persons in charge change. The persons responsible for the updates are the persons in charge of the registers.
User rights of the data protection registers and handing over the information
Limiting access to the information plays a very important role in preventing data protection problems. Access should be limited only to individuals who have the need to access the information in order to manage the association’s activities. For example, the whole board of the association should not have access rights at the start of the term; rather, the access should be limited to the person responsible for the register. The person responsible for the member register in our association is always the incumbent secretary, unless a separate decision stating otherwise has been made. The person responsible for the event signup register in our association is always the incumbent IT-manager, unless a separate decision stating otherwise has been made. The controller of the register will ensure that access to the register is only limited to the appropriate individuals.
Correspondingly, the access rights of the previous members of the board should be removed immediately after the change of the term. If a previous member of the board or previous official will need access to the register in their new board or official position during the new term, it is not needed to remove the access rights of the person in question. The removal of old access rights should be done no later than on the 31st of January. The person responsible for the update is the person in charge of the register.
Data types and reasons for data collection
Regarding the member register, your personal information will be used to keep our membership register up to date and possibly to send you emails about our upcoming events and association meetings. Your Telegram nickname will be used to add you to our Telegram channel, if you aren’t already a part of it. The mention of a full name and hometown is required for legislational reasons, and the information about an AYY membership is required to inform AYY how many of our members are its members. This information affects our status under AYY and its monetary support for us.
Regarding the event signup register, your email will be used to inform you about the tournament and your Telegram nickname will be used to add you to a possible tournament specific Telegram channel. Your Telegram nickname or phone number will also be used to contact you urgently, for example, if you are late to the tournament.
Anonymous data can be gathered from people who have attended events, meaning attendance numbers, amounts of omnivores and vegetarians, or other information that is not linked to register data. This information should be kept in a separate register.
Distribution of information
Regarding the member register, your information can be distributed to AYY but otherwise it will not be distributed outside of our association.
Regarding the event signup register, your team name will be public on the event signup website, and you can choose to make your name public, but otherwise your information will not be distributed outside of our association.
Life cycle of the information
The information in the registers must be kept only for as long as it serves its purpose. The member register must thus naturally have all the member information of the members of the association, and they must be removed when the person leaves the association. The information should be removed within a reasonable timeframe, at most within one month from leaving the association. In special cases, the information of the registered person can be stored longer, in which case the registered person in question will be informed of the reason for the extension. The special cases include for example case that outstanding claims should be collected from a previous member of the association or there is unfinished legal case between the association and the previous member of the association.
In the case of the event signup register, the information should be removed when it is seen that it is not essential or needed for the event for which the information has
been gathered. In terms of normal events, this means about a week. If some
of the information is required after this, for e.g. collecting participation fees, the information can be stored longer until there is no longer need for it.
Technical assurances for data protection
The technical execution of the registers is important in addition to access rights. The information is stored only in electronic format, in trustworthy servers operated by third parties, which complies with the EU GDPR. The encryption of the register is done using own passwords of Aalto Beer Pong ry.
The event signup register may contain information of dietary restrictions of individuals. The wording here is important, because allergy information is considered sensitive private information, whereas dietary restrictions are considered normal personal data. The legislation on data protection concerning sensitive private information is noticeably stricter than the legislation on data protection concerning normal personal data.
Right of an individual to check and request for corrections in the information
A private individual has the right to request for the information that the association has on them. In practice, this means the member register information.
There are only very little information on a person in the member register and event signup register, so it is not hard to do a quick search of both the member register and event signup register. The information should be handed over primarily in the same format as the request, meaning that an email should be answered to with an electronic reply with the information. A reasonable amount of time for processing the request is one month.
When required, the requesting party can be asked to verify their identity or to specify the request. Correspondingly, the individuals have the right to request for a correction in their information or for a removal of their information. A reasonable amount of time for correction and removal requests is also one month.
If you request the removal of your data from the member register, your membership will be revoked. Correspondingly, if you request the removal of your data from the event signup register, you will be removed from the tournament.
If you have questions about the handling of your personal information, contact us at [email protected]. More information about your rights can be read from https://tietosuoja.fi/tunne-oikeutesi.